APPLE-SA-2012-11-29-1 Apple TV 5.1.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-11-29-1 Apple TV 5.1.1
Apple TV 5.1.1 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Compromised applications may be able to determine addresses
in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing a
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square,
and additional anonymous researchers
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker with a privileged network position may cause an
unexpected application termination or arbitrary code execution
Description: A time of check to time of use issue existed in the
handling of JavaScript arrays. This issue was addressed through
additional validation of JavaScript arrays.
CVE-ID
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working
with HP TippingPoint's Zero Day Initiative
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQtpmWAAoJEPefwLHPlZEwd8sP+waxIXnUyMc6YA7Nh/f6cC69
whHE1CRR/5MQuu0RvgM6WQpOKlgUapphmJptiahy1VTWezul0ikFZrK7isY9Qhiq
DqfqiNanq0AMLtMHMCJ2U1cfZXjmgBQ/8gBo0AH5R28xHLjDKQmFtsbxep9eitgm
lPCm8No+3HhQfP2YVxxw7BqtdtOS40+opq9W90BZkL1OCnglw9rwQH6CAnGLmNFb
g+3/mfBMzYB4aeob1rg3Zj6xmWCLJXtnNPzU+bxyxJiQDTNJcVQc4rLo+J4yBcDY
4/hJspNiA1LyjvrqJE6998Zzs7ULwnpoIhZR0/oy4q76o7ETtsRvlLIzig4Erwwo
SgAAtyw4Zn/6Ii4siCCto6xvrn4PvD4ph7Z8yQFBWlR5zbHDH1JuqTNjxGi1eJb5
N6AtpwtvVUcEKtQyRB4a6hvoeCRCjSMSXLMHyAXNx2sJny8FXT+zqVwgWjGD6BDq
bPYMWi1JnCiVBMJYH3DShv0keJvsvslC4IJjXjRoN/I+17EurnRw7f0ZhyiMaj4d
vrc4adHEsX0f34N4ug1zLmDGPDHKT7ob+rp1DvYp2XVD+rsyJ7HmtpehIoupWAgC
aZQtLXiJPKLC/JB+r+i/CyKcYWhzhYlrROd69CubjdXS3VBvup5wmzvuXHws9QwE
tmigYJfnTwIsjKU4P9SS
=VpYW
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden